API Documentation

Authentication

All write endpoints require an API key in the request header:

X-API-Key: your-api-key

If the key is missing or invalid, the API returns 401 Unauthorized.

POST /api/iocs

Submit a single IOC (Indicator of Compromise). Send one JSON object per request.

Required fields:

  • indicator — the IOC value (e.g. IP, URL, hash, hostname)
  • type — one of: ip, url, hash, host
  • tag — tag/category

Optional:

  • comment — string, max 255 characters
  • timestamp — defaults to current time

Example:

{
  "indicator": "192.0.2.1",
  "type": "ip",
  "tag": "malware",
  "comment": "Observed in campaign XYZ"
}

curl:

curl -X POST "https://ctidao.com/api/iocs" \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"indicator":"192.0.2.1","type":"ip","tag":"malware","comment":"Observed in campaign XYZ"}'

POST /api/pdns

Submit one or more passive DNS records. Send a single object or an array. You supply host, ip, record, and timestamp; the system sets first seen, last seen, and hit count. For a new record, firstseen and lastseen are both set to timestamp and hits is 1. For an existing host+ip pair, lastseen is set to timestamp and hits is incremented.

Required fields:

  • host — hostname
  • ip — IP address

Optional (with defaults):

  • record — record type (default: A; only A is supported for now)
  • timestamp — datetime string (default: current server time)

Example:

{
  "host": "sub.example.com",
  "ip": "203.0.113.10",
  "record": "A",
  "timestamp": "2026-02-22 12:00:00"
}

curl:

curl -X POST "https://ctidao.com/api/pdns" \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"host":"sub.example.com","ip":"203.0.113.10","record":"A","timestamp":"2026-02-22 12:00:00"}'
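The following Python is an added example, not code from this API's maintainers. It prepares an array body for POST /api/pdns from constructed observations and applies the documented firstseen/lastseen/hits rule locally, which shows why a batch should be submitted oldest first. The timestamp format is assumed from the example above, build_pdns_batch and model_counters are hypothetical names, and the counter model follows the rule as written on this page, so the server's actual behaviour may differ.

```python
import ipaddress
from datetime import datetime

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed from the page's example timestamp

def build_pdns_batch(observations):
    """Validate observations and return them as an array payload, oldest first."""
    batch = []
    for obs in observations:
        # Client-side choice: lowercase and drop the root dot so one name maps to one key.
        host = str(obs.get("host", "")).strip().rstrip(".").lower()
        if not host:
            raise ValueError(f"missing host: {obs!r}")
        # Only A records are supported, and an A record carries an IPv4 address.
        ip = ipaddress.ip_address(obs.get("ip", ""))
        if ip.version != 4:
            raise ValueError(f"A record needs an IPv4 address: {ip}")
        if obs.get("record", "A") != "A":
            raise ValueError(f"unsupported record type: {obs['record']}")
        item = {"host": host, "ip": str(ip), "record": "A"}
        if "timestamp" in obs:
            # Round-trip through strptime so a malformed datetime fails locally.
            item["timestamp"] = datetime.strptime(obs["timestamp"], TS_FORMAT).strftime(TS_FORMAT)
        batch.append(item)
    # Oldest first: the documented rule sets lastseen to each submitted timestamp,
    # so an old observation sent late would move lastseen backwards.
    return sorted(batch, key=lambda r: r.get("timestamp", "9999"))

def model_counters(batch):
    """Apply the documented firstseen/lastseen/hits rule to a batch, locally."""
    state = {}
    for r in batch:
        ts = r.get("timestamp")  # None stands for "server time" in this model
        # New host+ip pair: firstseen is fixed here; lastseen and hits are set below.
        rec = state.setdefault((r["host"], r["ip"]), {"firstseen": ts, "hits": 0})
        rec["lastseen"] = ts
        rec["hits"] += 1
    return state

# Constructed sample observations, deliberately out of order.
SAMPLE = [
    {"host": "sub.example.com", "ip": "203.0.113.10", "timestamp": "2026-02-22 12:00:00"},
    {"host": "Sub.Example.com.", "ip": "203.0.113.10", "timestamp": "2026-02-21 09:30:00"},
    {"host": "other.example.com", "ip": "198.51.100.7", "timestamp": "2026-02-22 08:00:00"},
]

if __name__ == "__main__":
    batch = build_pdns_batch(SAMPLE)
    print(batch, model_counters(batch), sep="\n")
```

Serialize the returned list with json.dumps and send it as the request body with the X-API-Key header described under Authentication.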